In 2016, a court ordered Apple to create an update that would allow the FBI access to the contents of a smartphone used by one of the San Bernardino shooters. Such an update would make all iPhones more vulnerable to hacking, but law enforcement argued that assisting the investigation into the terrorist attack that killed fourteen people was more important than maintaining the privacy of people’s phones. Yet this was not a simple story of national security versus privacy. It was, in fact, a security versus security story.
While the FBI eventually found a way to unlock the phone without Apple’s help, the case raised critical questions for our digital age. Security—personal, business, and national—requires widespread use of strong encryption systems. That means encryption systems without back doors, front doors, or any other form of easy access. While encryption undoubtedly makes investigations harder to conduct, law enforcement has alternative tools at its disposal. If companies provide systems that make it easier for law enforcement to get into phones, they will reduce our security and increase the risk that others with less benevolent motives will take advantage of the weaknesses present in such “exceptional access.” They will also greatly reduce the value of smartphones serving as “two-factor authenticators.”
No device so essential to our security should be able to be turned into an eavesdropping system with ease. The more secure communications and smartphones are, the more secure and private all of us can be. In a world surrounded by networked smart devices and increasingly capable adversaries, the government’s responsibility is to protect us—and to enable us to secure ourselves.
Susan Landau is the Bridge Professor in Cybersecurity at the Fletcher School and the Tufts School of Engineering. This essay is adapted from her book, Listening In: Cybersecurity in an Insecure Age.
Tips to Protect Your Digital Identity
Landau offers these five basic rules for securing your devices.
1 Accept automatic updates for everything you use. “Don’t say I’m too busy now—just do it.”
2 Think before you click on a link or open an attachment—that’s the way most cyberexploits work.
3 Use two-factor authentication to log in to online accounts. Avoid text messages as a second factor; attackers can intercept them.
4 Be very careful about browsing on public Wi-Fi. Use a VPN.
5 Activate features such as Find My iPhone and an automatic Activation Lock, which prevents Find My iPhone from being shut off by thieves. It’s possible to circumvent such protections, but they have dramatically reduced theft of smartphones and, with it, theft of digital identities.